Australian hydraulic equipment supplier Aussie Fluid Power has confirmed that it has experienced a security incident involving unauthorized access by a third party to a limited number of its IT systems. The company noted that until more information is known regarding the information compromised, there is no need for customers or suppliers to act, except to maintain vigilance in protecting online and electronic privacy.
Last week, ransomware group Anubis claimed responsibility for a cyberattack on Aussie Fluid Power.
“We are investigating the matter as a priority and have engaged forensic IT experts to support the investigation,” Aussie Fluid Power wrote in a company statement. “While the investigation is ongoing, at this stage it appears the event may have resulted in certain employee, customer, and supplier information being compromised.”
Aussie Fluid Power said that it takes the security and privacy of its data very seriously. “We have reported the incident to the Australian Cyber Security Centre and have acted immediately to secure our systems and are strengthening our security protocols as a priority. We sincerely apologize and are contacting those stakeholders who may have been impacted as quickly as possible.”
Last week, the ACSC reported that critical infrastructure continues to be a target for state-sponsored cyber actors, cybercriminals, and hacktivists. This is due to the sensitive data that these critical organizations hold and their role in providing services that support Australia’s national resilience, sovereignty, and prosperity.
During the second quarter of 2025, Dragos reported that several new ransomware groups emerged, significantly escalating threats to industrial and enterprise organizations. These groups introduced innovative and adaptive tactics, techniques, and procedures, creating complex new defensive challenges for cybersecurity teams. Among the newly identified groups impacting industrial sectors were Gunra, Dire Wolf, Kraken, Silent, Anubis, BERT, Chaos, Crypto24, IMN Crew, Kawa4096, Underground, and Warlock.
The Aussie Fluid Power attack occurs at a time when the manufacturing sector is facing a sharp rise in cyberattacks, including a notable surge in ransomware incidents.
According to Forescout, there was a 71% rise in threat actors targeting the manufacturing sector in 2024, with 79% of these actors being cybercriminals and 45% being ransomware gangs. Notably, the RansomHub group was responsible for 78 incidents, including large data thefts.
Dragos reported an 87% surge in ransomware attacks against industrial organizations over the past year, with a 60% increase in attacks affecting OT/ICS systems. These attacks have led to production line halts, supply chain disruptions, and the exfiltration of sensitive data.
Detection and proactive defense company DeXpose has identified that ransomware attacks are increasingly targeting both enterprise and mid-sized organizations across sectors. To reduce impact and prevent future incidents, organizations must continuously monitor their networks, which can detect breached credentials, leaked databases, and threat actor chatter in near real-time before damage spreads internally. It is essential to conduct a full compromise assessment immediately to determine how attackers infiltrated the network, what data may have been exfiltrated, and whether any persistence mechanisms remain active.
Organizations should also validate their backups to ensure they are current, encrypted, and stored offline, and employ immutable backup solutions to defend against ransomware encryption and deletion attempts. Applying threat intelligence by integrating external threat feeds into SIEM or XDR platforms allows for real-time alerting and correlation. Strengthening employee defenses through phishing simulations and enforcing multi-factor authentication across all access points is critical, as attackers often exploit weak or reused credentials sourced from the dark web.
Finally, engaging professional response teams, including cybersecurity incident response experts, threat analysts, and legal counsel, is necessary before initiating any dialogue with ransomware groups or ransom brokers.
